Instances of this class are generally created using an
SSLServerSocketFactory. The primary function of SSLServerSockets
is to create SSLSockets by accepting connections.

SSLServerSockets contain several pieces of state data
which are inherited by the SSLSocket at
socket creation. These include the enabled cipher
suites and protocols, whether client
authentication is necessary, and whether created sockets should
begin handshaking in client or server mode. The state
inherited by the created SSLSocket can be
overridden by calling the appropriate methods.
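The following is an added example, not part of the original documentation, showing the inheritance described above: settings hardened on the server socket appear on the SSLSocket returned by accept(), and can then be overridden for that one connection. The class name InheritedTlsState and the choice of TLSv1.3/TLSv1.2 are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.Socket;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

public class InheritedTlsState {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory factory =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

        // Port 0 picks any free port; bind to loopback only, backlog of 50.
        try (SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(
                0, 50, InetAddress.getLoopbackAddress())) {

            // Enable only the wanted protocol versions this runtime supports.
            List<String> wanted = Arrays.asList("TLSv1.3", "TLSv1.2");
            server.setEnabledProtocols(Arrays.stream(server.getSupportedProtocols())
                    .filter(wanted::contains).toArray(String[]::new));

            // Remove anonymous and NULL-encryption suites from the enabled set;
            // anonymous suites cannot be used with required client authentication.
            server.setEnabledCipherSuites(Arrays.stream(server.getEnabledCipherSuites())
                    .filter(s -> !s.contains("_anon_") && !s.contains("_NULL_"))
                    .toArray(String[]::new));

            server.setNeedClientAuth(true);

            // A plain TCP connect suffices here: accept() returns the SSLSocket
            // before any handshake, so no key material is needed to inspect it.
            try (Socket probe = new Socket(server.getInetAddress(), server.getLocalPort());
                 SSLSocket accepted = (SSLSocket) server.accept()) {
                System.out.println("protocols:      "
                        + Arrays.toString(accepted.getEnabledProtocols()));
                System.out.println("same suites:    " + Arrays.equals(
                        server.getEnabledCipherSuites(), accepted.getEnabledCipherSuites()));
                System.out.println("needClientAuth: " + accepted.getNeedClientAuth());
                System.out.println("useClientMode:  " + accepted.getUseClientMode());

                // Overriding on the accepted socket affects this connection only.
                accepted.setWantClientAuth(true);  // also clears needClientAuth
                System.out.println("after override, socket: " + accepted.getNeedClientAuth()
                        + ", server: " + server.getNeedClientAuth());
            }
        }
    }
}
```

Because every accepted socket starts from the server socket's state, setting the protocol, cipher suite and client-authentication policy once on the SSLServerSocket is the reliable place to enforce it.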

SSLServerSocket

Create a TCP server socket on a port, using the default
authentication context. The connection backlog defaults to
fifty connections queued up before the system starts to
reject new connection requests.

A port number of 0 creates a socket on any free port.

If there is a security manager, its checkListen
method is called with the port argument as its
argument to ensure the operation is allowed. This could result
in a SecurityException.

SSLServerSocket

Create a TCP server socket on a port, using the default
authentication context and a specified backlog of connections.

A port number of 0 creates a socket on any free port.

The backlog argument is the requested maximum number of
pending connections on the socket. Its exact semantics are
implementation-specific. In particular, an implementation may impose a
maximum length or may choose to ignore the parameter altogether. The
value provided should be greater than 0. If it is less than or equal to
0, then an implementation-specific default will be used.

If there is a security manager, its checkListen
method is called with the port argument as its
argument to ensure the operation is allowed. This could result
in a SecurityException.

SSLServerSocket

Create a TCP server socket on a port, using the default
authentication context and a specified backlog of connections
as well as a particular specified network interface. This
constructor is used on multihomed hosts, such as those used
for firewalls or as routers, to control through which interface
a network service is provided.

If there is a security manager, its checkListen
method is called with the port argument as its
argument to ensure the operation is allowed. This could result
in a SecurityException.

A port number of 0 creates a socket on any free port.

The backlog argument is the requested maximum number of
pending connections on the socket. Its exact semantics are
implementation-specific. In particular, an implementation may impose a
maximum length or may choose to ignore the parameter altogether. The
value provided should be greater than 0. If it is less than or equal to
0, then an implementation-specific default will be used.

If address is null, it will default to accepting connections
on any/all local addresses.

Method Detail

getEnabledCipherSuites

Returns the list of cipher suites which are currently enabled
for use by newly accepted connections.

If this list has not been explicitly modified, a system-provided
default guarantees a minimum quality of service in all enabled
cipher suites.

There are several reasons why an enabled cipher suite might
not actually be used. For example: the server socket might
not have appropriate private keys available to it or the cipher
suite might be anonymous, precluding the use of client authentication,
while the server socket has been told to require that sort of
authentication.

getSupportedCipherSuites

Returns the names of the cipher suites which could be enabled for use
on an SSL connection.

Normally, only a subset of these will actually
be enabled by default, since this list may include cipher suites which
do not meet quality of service requirements for those defaults. Such
cipher suites are useful in specialized applications.

Unlike setWantClientAuth(boolean), if the accepted
socket's option is set and the client chooses not to provide
authentication information about itself, the negotiations
will stop and the connection will be dropped.

setUseClientMode

Controls whether accepted connections are in the (default) SSL
server mode, or the SSL client mode.

Servers normally authenticate themselves, and clients are not
required to do so.

In rare cases, TCP servers
need to act in the SSL client mode on newly accepted
connections. For example, FTP clients acquire server sockets
and listen there for reverse connections from the server. An
FTP client would use an SSLServerSocket in "client" mode to
accept the reverse connection while the FTP server uses an
SSLSocket with "client" mode disabled to initiate the
connection. During the resulting handshake, existing SSL
sessions may be reused.